Category: Privacy/Governance Feed

APT36 evolved its remote access trojan, ElizaRAT, along with introducing a new stealer payload called ApoloStealer    – Read More  –  

A Which? report outlines serious privacy concerns with smart device products including air fryers    – Read More  –  

Lloyds Bank has revealed that Oasis fans comprise the vast majority of ticket scam victims it deals with    – Read More  –  

Cybercriminals are exploiting DocuSign APIs to send fake invoices, bypassing security filters and mimicking well-known brands    – Read More  –  

The City of Columbus, Ohio, informed the Maine Attorney General’s Office that approximately 55% of its residents were affected by the breach    – Read More  –  

A US district court sentenced a Nigerian man for an elaborate ‘man-in-the-middle’ phishing campaign, which resulted in $12m in losses from real-estate transactions    – Read More  –  

The flaw, an exploitable stack buffer underflow in SQLite, was found by Google’s Big Sleep team using a large language model (LLM)    – Read More  –  

US government agencies said the video, widely shared on social media, is part of Russia’s broader strategy of undermining the integrity of the Presidential Election    – Read More  –  

Checkmarx has observed a novel npm supply chain attack using Ethereum smart contracts to manage command-and-control (C2) operations    – Read More  –  

Several UK council websites are back online after being disrupted by Russian hacktivist DDoS attacks    – Read More  –  

Sophos provided details of changing tactics by Chinese APT groups over a five-year period, involving a shift towards stealthy, targeted attacks    – Read More  –  

Multiple vulnerabilities in Rockwell Automation and Mitsubishi products could allow ICS cyber-attacks    – Read More  –  

US and Israeli government agencies have warned that the Iranian state-sponsored threat actor Cotton Sandstorm is deploying new tradecraft to expand its operations    – Read More  –  

Emeraldwhale breach allowed access to over 10,000 repositories and resulted in the theft of more than 15,000 cloud service credentials    – Read More  –  

New phishing kit Xiu Gou, featuring a unique “doggo” mascot, targets users in US, UK, Spain, Australia and Japan with 2000+ scam websites    – Read More  –  

A report by the Canadian Centre for Cyber Security described China as the most sophisticated cyber threat to Canada, also identified India as an emerging threat    – Read More  –  

Palo Alto Networks’ Unit 42 has observed the first-ever collaboration between North Korean-backed Jumpy Pisces and Play ransomware    – Read More  –  

Malware-related attacks against global government organizations increased 236% year-on-year in Q1 2024, according to SonicWall    – Read More  –  

ITRC data finds 81% of US small businesses have suffered a data or security breach over the past year    – Read More  –  

The new FakeCall variant uses advanced vishing tactics, featuring Bluetooth for device monitoring    – Read More  –  

The LiteSpeed Cache vulnerability allows administrator-level access, risking security for over 6 million WordPress sites    – Read More  –  

In a major security update, Apple has fixed dozens of bugs and vulnerabilities across its operating systems and services    – Read More  –  

CISA’s 2025-2026 International Strategic Plan aims to strengthen external partnerships to reduce risks to critical infrastructure relied on in the US    – Read More  –  

Comparitech warns that voters could be misled as most local government sites are failing on basic security    – Read More  –  

Microsoft has spotted a major spearphishing campaign from the Russian APT29 group using RDP for compromise    – Read More  –  

The phishing campaign targeted users via texts impersonating Amazon, linked to the threat actor Chenlun    – Read More  –  

ThreatFabric researchers have discovered significant updates to the LightSpy spyware, featuring plugins designed to interfere with device functionality    – Read More  –  

Operation Magnus took down infrastructure used to run the Redline and Meta infostealers, widely used tools in cybercriminal activities    – Read More  –  

A Veeam report found that businesses are prioritizing NIS2 compliance, with 95% of applicable firms diverting funds from other areas of the business    – Read More  –  

Global Witness uncovered a network of 71 suspicious accounts on X supporting the Azeri government    – Read More  –  

The UK’s information commissioner claims most adults in the country have had their personal data exposed or compromised    – Read More  –  

The UK has joined forces with its Five Eyes peers to offer cybersecurity guidance to startups    – Read More  –  

The surge in job scams targets vulnerable individuals, mirroring pig butchering fraud tactics    – Read More  –  

Evasive Panda’s CloudScout uses MgBot to steal session cookies, infiltrating cloud data in Taiwan    – Read More  –  

Google researchers have observed Russian threat actor UNC5812 using a malware campaign via Telegram to access the devices of Ukrainian military recruits    – Read More  –  

Vipre research reveals that 10% of emails targeting the manufacturing sector are BEC attempts    – Read More  –  

Trend Micro’s Zero Day Initiative hands out over $1m in awards for Pwn2Own competitors, who found more than 70 zero-day flaws    – Read More  –  

Updated figures from the HHS revealed that 100 million patients have been notified that their data was breached in the Change Healthcare ransomware attack    – Read More  –  

CERT-UA said the phishing campaign lures victims into downloading malware used to exfiltrate files containing sensitive personal data    – Read More  –  

LinkedIn violated the EU’s GDPR in how it processes its users personal data for behavioral purposes    – Read More  –  

A new ISACA study reveals that pay inequity and a lack of female leadership are significant issues noted by women in the digital trust sector    – Read More  –  

An unidentified threat actor has attempted to develop ransomware targeting macOS devices, posing as LockBit    – Read More  –  

Lazarus Group exploited Google Chrome zero-day, infecting systems with Manuscrypt malware    – Read More  –  

Penn State will pay $1.25m for failing federal cybersecurity standards in DoD and NASA contracts    – Read More  –  

The National Security Memorandum on AI sets out actions for the federal government to ensure the safe, secure and trustworthy development of AI    – Read More  –  

This high-severity flaw, dubbed FortiJump by security researcher Kevin Beaumont, has been added to CISA’s KEV catalog    – Read More  –  

A new ISACA study has revealed that cybersecurity professionals are often overlooked in the development of AI policies    – Read More  –  

The Data (Use and Access) Bill governs digital verification services and the use of personal data in public services, and will revamp the Information Commissioner’s Office    – Read More  –  

On the 10th anniversary since Cyber Essentials was introduced, the UK government has highlighted the impact the scheme has had in preventing attacks    – Read More  –  

WarmCookie malware, aka BadSpace, spreads via malspam, malvertising and enables persistent access    – Read More  –